Dissertation details
Detection and prevention of intrusions in power system cyber-physical infrastructure
Lin, Hui
Keywords: Intrusion detection systems; Supervisory control and data acquisition (SCADA); Network security; Cyber-physical systems
Others: https://www.ideals.illinois.edu/bitstream/handle/2142/99196/LIN-DISSERTATION-2017.pdf?sequence=1&isAllowed=y
United States | English
Source: The Illinois Digital Environment for Access to Learning and Scholarship
【 Abstract 】
Cyber-attacks on SCADA (supervisory control and data acquisition) systems used by industrial control systems (ICS), e.g., power grids, can cause severe damage. In December 2015, remote intruders penetrated a Ukrainian power grid and caused a blackout that affected 225,000 residents. Mitigating physical damage from cyber attackers for SCADA can be very challenging because attackers can penetrate internal SCADA communication networks and use syntactically correct network messages to deliver compromised measurements or commands that can cause destructive physical perturbations.

In this dissertation, we first provide in-depth analysis of control-related attacks that aim at introducing physical damage on power systems. We use theoretic approaches, e.g., control theory and power flow analysis, and numerical simulations to obtain a solid understanding of malicious activities that adversaries can use during the penetration, preparation, and execution stages of an attack. Based on the analyses, we combine the knowledge from both cyber and physical domains of power systems to disrupt attackers' activities in each stage and ultimately to prevent physical damage.

To detect malicious activities that adversaries use to execute attack strategies, we integrate a DNP3 analyzer in Bro and develop a semantic analysis framework. The DNP3 analyzer is the first network IDS that fully supports communication protocols used by SCADA systems in power grids. The analyzer leverages a newly proposed adaptive power flow analysis algorithm to perform timely and accurate detection of malicious control commands observed from a vulnerable SCADA network.

To restore lost measurements from devices compromised by the control-related attacks, we present an innovative self-healing mechanism for communication networks used in power systems. After a cyber-attack is detected, the mechanism uses software-defined networking (SDN) to change the configuration of the network switches so that the compromised devices are isolated to prevent further propagation. Meanwhile, the uncompromised devices are reconnected to the network to self-heal and therefore restore the observability of the power system. Specifically, integer linear programming (ILP) models are formulated to minimize the overhead of the self-healing process while considering the constraints of power system observability, hardware resources, and network topology. In addition, we propose a greedy heuristic to reduce computational complexity. We evaluate the self-healing scheme, including both the ILP models and the heuristic algorithm, on communication networks used by both IEEE 30-bus and 118-bus systems.

To preemptively foil adversaries in the attack's preparation stage, we present the design of Raincoat, which randomizes data acquisitions performed in SCADA systems. Raincoat manipulates network flows to transform a single deterministic data acquisition request into multiple rounds of data acquisitions of randomly selected online/offline devices. While online devices respond with real measurements, Raincoat spoofs measurements on behalf of offline devices. To spoof measurements that follow physical models of power systems, we include in Raincoat an algorithm that generates decoy measurements. Decoy measurements mislead attackers into designing (i) false data injection attacks that cannot pass the state estimation, and (ii) control-related attacks whose probability of generating physical damage is reduced to less than 5% in a real-world power system.
【 Preview 】
Attachment list
Files Size Format View
Detection and prevention of intrusions in power system cyber-physical infrastructure 10975KB PDF download